Traffic rules enable you to route traffic to different backend servers based on the domain, URL path, Extended Match, and TCP port of the request. With traffic rules, endpoints can route traffic to different backend application servers or to a different TCP port. An endpoint is a combination of a Fully Qualified Domain Name (FQDN) and a TCP port. By default, applications configured on the Barracuda WAF-as-a-Service can have a maximum of three (3) endpoints with different TCP ports, five (5) traffic rules with an Advanced license, and ten (10) traffic rules with a Premium license.
Traffic rules can be configured to apply granular control over HTTP requests. Host match and URL match rules are used to match the Host and URL fields. Extended match expressions can be used to match any combination of HTTP headers and/or query string parameters in a request. A '/*' rule (to be read as a rule consisting of URL '/*') would match any value for that header or headers.
By default, the load balancing policy configured for the server(s) on the SERVERS page is applied to the servers configured as part of the traffic rule.
Example:
Suppose you have 4 application servers behind the host prod.barracuda.com, where the applications are static content, API version 1, Documents, and API version 2. You can create a separate traffic rule for each application and associate it with one or more servers to which the request needs to be sent. If the request matches the configured URL path, the Barracuda WAF-as-a-Service applies the traffic rule policy and forwards the request to the server.
In the above image:
All static resources such as images, CSS, JS are served by Server_1 and Server_2.
API version 1 is served by Server_3.
Documents are served by Server_1 and Server_4.
API version 2 is served by Server_2.
To Add a Traffic Rule
On the WAF-as-a-Service web interface, go to the APPLICATIONS page and click on the application to which you want to add traffic rules.
On your application page, click ENDPOINTS in the left panel.
On the Endpoints page, click Add Traffic Rule and specify values for the following:
Status – Set to Enabled to allow the traffic rule policy to participate in the rule match.
Name – Enter a name to identify the traffic rule.
Endpoint – Select the endpoint(s) to which the rule needs to be applied.
Host – Enter the matching criterion for the host field in the Request Header. This is either a specific host match or a wildcard host match with a single " * " anywhere in the URL. Specify * if you want the Web application hosted on the service. If the application hosts multiple applications under different domains and you wish to add a rule only for a particular domain, enter the relevant host name, such as www.example.com or *.example.com.
URL – Enter the matching criterion for the URL field in the Request Header. The URL should start with a "/" and can have only one " * " anywhere in the URL. Use /* if you want the rule to cover all URLs in your domain.
Example:
/*
/index.html
/public/index.html
Ext Match – Enter an expression that consists of a combination of HTTP headers and/or query string parameters. Use '*' to not apply the Extended Match condition.
Ext Match Seq – Specify an order for matching the extended match rule. The order range is 1 to 1000 (default is 1000).
Servers – Select the server(s) to which the requests coming to the specified endpoint need to be forwarded.
Click Add to finish.
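Before entering rules in the interface, a planned rule set can be checked offline against the limits described above (single " * " in Host and URL, URL starting with "/", Ext Match Seq range, rules per license). The following is an added example, not Barracuda code: the dictionary layout, function names, and the URL paths in the sample are assumptions, Extended Match expressions are not evaluated, and because the page does not say which rule wins when several match, the matcher lists every matching rule so overlaps can be reviewed.

```python
# Added example (not Barracuda code): lint planned traffic rules offline.
RULE_LIMITS = {"Advanced": 5, "Premium": 10}  # traffic rules per license (from the page)

def wildcard_match(pattern, value):
    """Match a pattern holding at most one '*', which stands for any run of characters."""
    head, star, tail = pattern.partition("*")
    if not star:
        return pattern == value
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))

def lint_rules(rules, license_tier):
    """Return the problems found; an empty list means the set fits the documented limits."""
    limit = RULE_LIMITS[license_tier]
    problems = []
    if len(rules) > limit:
        problems.append(f"{len(rules)} rules exceed the {license_tier} limit of {limit}")
    for r in rules:
        name = r["name"]
        if r["host"].count("*") > 1:
            problems.append(f"{name}: Host allows a single '*'")
        if not r["url"].startswith("/"):
            problems.append(f"{name}: URL must start with '/'")
        if r["url"].count("*") > 1:
            problems.append(f"{name}: URL allows a single '*'")
        if not 1 <= r.get("ext_match_seq", 1000) <= 1000:
            problems.append(f"{name}: Ext Match Seq must be 1 to 1000")
        if not r["servers"]:
            problems.append(f"{name}: no servers selected")
    return problems

def matching_rules(rules, host, path):
    """Names of all rules whose Host and URL both match; more than one means overlap."""
    host = host.lower()  # assumption: hostnames are compared case-insensitively
    return [r["name"] for r in rules
            if wildcard_match(r["host"].lower(), host) and wildcard_match(r["url"], path)]

# Constructed sample: the page's four applications; the URL paths are assumed.
RULES = [
    {"name": "static", "host": "prod.barracuda.com", "url": "/static/*", "servers": ["Server_1", "Server_2"]},
    {"name": "api-v1", "host": "prod.barracuda.com", "url": "/api/v1/*", "servers": ["Server_3"]},
    {"name": "documents", "host": "prod.barracuda.com", "url": "/docs/*", "servers": ["Server_1", "Server_4"]},
    {"name": "api-v2", "host": "prod.barracuda.com", "url": "/api/v2/*", "servers": ["Server_2"]},
]

if __name__ == "__main__":
    print(lint_rules(RULES, "Advanced"))
    print(matching_rules(RULES, "prod.barracuda.com", "/api/v2/users"))
```

Adding a "/*" rule to the sample makes every request match two rules, which is the overlap to resolve before the set is deployed.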